blobstorage output type sends alerts to individual files in a Google Cloud Storage bucket. The sensor can optionally create the target bucket or buckets so long as it has sufficient permisisons.
Access to a Google Cloud Storage bucket can be granted by setting the
GOOGLE_APPLICATION_CREDENTIALS environment variable.
This output type is commonly used for easy archiving of Alerts in a durable store. It can also be used as the trigger for an ETL process in cloud environments where blob storage write events trigger a cloud function that processes the incoming Alert. At this point Alerts can be enriched, transformed, and shipped out to other systems as needed.
||yes||The output type.|
||yes||Enables/disables the output.|
||yes||The cloud provider name.|
||yes||The name of the bucket to write to.|
||no||Enables/disables bucket creation.|
Google Cloud has no additional configuration.
Example sending Alerts to Google Cloud:
alert_output: outputs: # Write the Alert to GCP Storage authed through GOOGLE_APPLICATION_CREDENTIALS - type: blobstorage enabled: true bucket_name: capsule8_alerts provider: gcp